AD in two different Forests/Domains using Lync

Hello,

I am working on a solution to have Lync work in multidomains where Lync lives in one domain and some users exist in another. The domains have a two way transitive trust. I used the following article which helped me with a script to copy user accounts including SID from one 2008 R2 domain to another. The accounts would remain disabled in the destination domain. This method using Active Directory Web services on both sides.

I need to figure how if I can do something similar from a 2003 domain to a 2008 domain. Copy the users, maintain the SID and GUID's to a disabled account on 2008 R2.

Article used

http://thamaraw.com/2012/12/15/substitution-for-fim-in-lync-server-resource-forrestdomain-deployment/comment-page-1/#comment-1141

July 17th, 2015 2:49pm

Hi

The official answer would be to use FIM. You could also use perhaps ADMT to migrate /copy the users accounts over and then disable them.

thanks

Free Windows Admin Tool Kit Click here and download it now
July 19th, 2015 2:25am

Do you know where I can get the ADMT tool. I go to this page and select the tool

https://connect.microsoft.com/site1164/Downloads/DownloadDetails.aspx?DownloadID=53423

I then get an error saying Page Not Found...argh.

July 20th, 2015 12:58pm

Hi,

To support a central forest topology, the following prerequisites are required:

  • Microsoft Forefront Identity Manager 2010, Microsoft Identity Lifecycle Manager 2007 Feature Pack 1 (FP1), or Microsoft Identity Integration Server 2003 SP2 In order to synchronize data across your forests, you must deploy one of these life cycle manager tools.

  • To synchronize the necessary attributes from user forests to a central forest, Lync Server provides a tool called LcsSync.

You can deploy Lync Server in a Multiple Forest Environment with the help of the link below:

https://technet.microsoft.com/en-us/library/gg670909(v=ocs.14).aspx

Best Regards,

Eason Huang

Free Windows Admin Tool Kit Click here and download it now
July 21st, 2015 5:14am

Hi

ADMT can be found here: https://connect.microsoft.com/site1164/program8540

But if you cannot download it there: then use my OneDrive: http://1drv.ms/1CgwEng

Again I would stress that this method is untried / untested but in my head it would appear to be possible with the correct attribute selection. Just have to watch the passwords as they'll be dual identities to all intents and purposes.

July 21st, 2015 5:26am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics